How App Store grifters clone an overnight success to make a quick buck

The app had only been out three months, and already the creators
of A Beautiful
Mess were scrambling to deal with a big problem: clones,
copycats, and rip-offs, as many as seven of them, crowding the
search results in the App Store. The clones appeared to be
legitimate, affiliated versions, yet as all the developers knew,
they were anything but. The CEO of the company that created the
original A Beautiful Mess called them "infuriating."

Attack of the clones
The legitimate version of the app is a product of the lifestyle
blog A Beautiful
Mess; it allows users to augment photos or background patterns
with text, doodles, and filters. The app was launched by Red Velvet
Art LLC, which was affiliated with the blog, and it was developed
by Rocket Mobile, a brand agency based in Austin, Texas. The app
launched on 14 May and debuted as the number three paid app in the
App Store. Shortly thereafter, it moved to the number one spot.

In June, the first clone appeared. It used the same icon and
screenshots as A Beautiful Mess but came with a modified name: A
Beautiful Mess Free. The second clone was produced by a developer
named John Harlampa: A Beautiful Mess Plus. By the beginning of
August, seven clones cluttered up the App Store, and one rip-off
was charting in the top 50, according to AppTweak. It hovered in
that range until the day it was pulled, sometime on 19 August.

The original app, which had sustained a fairly high position on
the paid charts, dropped as low as the fifties.

A Beautiful Mess developers tried to have the clones removed.
"When we reported an IP infringement through Apple's system,
[Apple] would email the company we were accusing and CC us on it,"
said Trey George, the business development manager for A Beautiful
Mess, in an email to Ars Technica. George believed that most of the
clones originated with two operations, which he believed would
feign innocence when confronted in a bid to buy time.

"They replied essentially saying, 'Sorry for the mistake. We'll
look into this and try to get it handled,'" said George. "Sorry for
the mistake? They accidentally copied and pasted our exact icon and
app name?"

"The crazy part was there wasn't much legally we could do,"
George added. "Our lawyer essentially said it would be insanely
expensive to pursue, and ultimately legal fees wouldn't pay for
themselves."

Eric Clymer, a partner and the lead mobile developer at Rocket
Mobile, speculated that a clone creator once stalled a takedown by
pretending that the similarities were a mix-up -- and other clone
creators saw that the clone had stayed up and adopted the tactic.
The copycats were looking to "wait it out to get that first check
from Apple and then they don't really care," Clymer told Ars in an
interview.

There is a time delay on the order of weeks between app
purchases and when Apple issues checks to the developers, but even
a few hundred purchases (plus the associated ad impressions) can be
a decent chunk of money. If clones achieve a position as high as
Harlampa's A Beautiful Mess Plus, they could well make more. Apple
does not reveal how it constructs its app charts, and it did not
respond to requests for comment.

How to build a clone
Cloning an app from the version released on the App Store is not a
trivial matter. Those involved with A Beautiful Mess couldn't speak
to how it was accomplished, but the basic process involves using a
jailbroken device and manually decrypting the app with different approaches depending on
whether the app supports multiple architectures. More recent apps use address space
layout randomisation (ASLR), requiring extra steps to get access to the unencrypted binary.

"No one understood how easily the code was copyable as well,"
Clymer said.

Once would-be cloners have the binary, they can modify it and
resubmit it to the App Store but not under the same name. Apple
does do a quick check during initial submissions to prevent
duplicate names; for instance, if someone tried to submit an app
named "Instagram," the form would return an error.

The clone creators circumvented this problem by positioning
their apps as permutations of the original A Beautiful Mess -- A
Beautiful Mess Free, A Beautiful Mess +, A Beautiful Mess Express.
The apps were filed under different developer names but used the
same icon and augmented their pricing structures to reflect the
position the name suggested. The original was $0.99 (£0.69); clones
would be free or more expensive, depending on their modifiers.

"I imagine I can't enter Instagram Plus, and I can't enter
Instagram Free," Clymer said. Perhaps if the app had been around
longer, Apple would have banned name permutations, but in this
case, it did not do so.

I downloaded a couple of the clone apps to see how egregious the
copies were. A Beautiful Mess Express, credited to developer
Jingjing Liu, was a near-direct copy of the app, with a few
different artistic elements changed and a banner ad added to the
top of the screen.

Another developer looking to ape A Beautiful Mess's success, Kim
Tools, positioned its app as A Beautiful Mess +. While the app
shared the icon and name, it was an entirely different app on the
inside, though it was still geared toward taking and modifying
photos. Both apps, present on the store along with a few others in
mid-August, have since been removed. Kim Tools associated itself
with the Web address xtremeapps.com, which is registered to a Lee
Heineman of Pennsylvania; neither phone calls nor emails to the
number and address provided for the Web address received a
response.

Killing the clones
Since the clones hit their peak population in mid-August, all of
them have disappeared from the store. Scott Wiskus, a partner and
CEO at Rocket Mobile, told Ars that "within a couple days of the
clones being removed, the app went from 50-something to
20-something -- so it certainly made a difference."

The story is hardly a stirring vote of confidence in Apple's
review process, but Android's lack of strong oversight can lead to
an even worse problem. Clymer highlighted the recent case of the
game Gentlemen!, which was purchased legitimately 144
times and pirated more than 50,000 times.

Try as I did, I could trace only one of the app clones to a
human; the rest were filed under names and companies I couldn't
connect to any real person or business entity. A couple developers,
such as Jingjing Liu, maintain a handful of other apps on the App
Store, some of which are modeled less obviously after the popular
photo-mod app InstaCollage. Kim Tools' catalog of App Store apps
are less of a ripoff, if still derivative. While it's surprising
they aren't gone, I imagine Apple is now watching them closely.